Mr. Dolan stopped short of saying "I'd be willing to go to prison for 6 months for nothing." I'd very much like to ask him --in a public forum-- whether he would object to such an arrangement for one of his children.

What I find troubling is that the common practice of wireless "trouble shooting" is turned into evidence of a crime.

One explanation for why Aaron changed his MAC address (without criminal intent) is that he was trying to figure out WHY he was kicked off the network. When your computer doesn't connect, you jog it into requesting another IP address. Problem solved! When you can't connect again, you say "hmmm, what is going on." You request another IP address, but that doesn't work. You ask, "is it a wireless policy because I'm hogging wireless bandwidth?" You then change your MAC address. You connect. You conclude, "ah, it is a wireless policy, I'm hogging the bandwidth and MIT doesn't want that; I'll just use the wired connection in the closet." You connect in the closet but you don't want people messing with your laptop (or stealing it), so you cover it.

What was "trouble shooting" turns into evidence of criminal conduct. Be careful next time you try to trouble shoot a network connection.

I'd tape the pages in a loop around the document feeder and fax it back to them ...

Only a few votes behind, we have a comment from our post about the latest example of shifty Hollywood accounting. In response to a commenter who wondered how the studios don't run into tax problems with these practices, jupiterkansas suggested a possibility:

They pay their taxes directly to the candidates.

For Editor's Choice on the Funny side, we're going to run with the theme of crazily redacted documents from the government, since we actually had more than one story in that vein. First up, going back to the post about the DOJ's response to the ACLU, we've got an anonymous commenter who couldn't ignore how brazenly insulting the DOJ's move was:

For all the things you may complain the government gets wrong, trolling is not one of them

Net Flubs

I once made a single character typo in a wget command and retrieved the _Entire_ works of Gary Trudeau, literally every Doonesbury cartoon he'd ever published to date.

Laying that mistake at my feet might seem attractive to an attorney like Ms. Ortiz, but I'll point to the incompetent database manager who published the data. Mr. Trudeau was lucky that I happened to know a cartoonist who could tell him about his Terrible Mistake of hiring the incompetent. I was lucky to have the experience before regulatory capture overcame the public's prosecutors. I never got the postcard I asked for, so I do not know if the problem was ever solved, but I've never seen any reports that all of Trudeau's works have been posted online.

If I were on a jury looking at the Swartz download, I'd have my very good reasons to doubt what appears simple or obvious.

In closing, I'd note that most netizens can reasonably distinguish between public goods, those bought with taxpayer dollars, and private goods like Mr. Trudeau's works. However, it's obvious that our government cannot. Absent public financing of elections, our elected serve two masters, and they will continue to divert public intellectual properties to the private sector and criminalize us unless we pay for those goods twice+. Please vote.

Back when they were debating whether or not to make MLK's birthday a national holiday, a poll was taken. 10% were for it. 10% were against it. 80% said let's shoot four more and take the whole week off!

DHCP - the real criminal

It seems that DHCP, not Mr. Swartz, was the culprit behind the new counts 3 and 8 of the superseding indictment.

The superseding indictment added the "sidestepping" in the following allegations compared to the first indictment:

"On September 25, 2010, JSTOR blocked communication from that IP address.... On September 26, 2012, Swartz established a new IP address for his computer on the MIT network...which sidestepped the IP address block and allowed the laptop to resume downloading...."

This "sidestepping" was not alleged in the initial indictment and occurred THE DAY AFTER the initial IP block. The MIT wireless network would have been using DHCP to assign IP addresses and it is this computer protocol that is likely responsible for AUTOMATICALLY "establishing" the new IP address, not Mr. Swartz, when the computer connected that day. This is likely the case particularly because the MIT network was assigning public IPv4 addresses (not easy to come by), the lease of which would be short.

This is where Kerr's analysis goes wrong. Kerr assumes that Mr. Swartz "responded" to the IP address block by deliberately changing his IP address ("circumventing code-based restrictions by circumventing identification restrictions"). But Aaron in all likelihood didn't - it was automatic as a result of the protocol. So, Aaron did not circumvent "code based restrictions," DHCP did so without Aaron requesting. Pretty lame allegation by the US.

So, DHCP is the criminal, not Aaron. Someone please arrest the authors of DHCP. At worst, the prosecutor could claim that Aaron did not comply with the terms of service on that day.

This is important because these are the new counts (counts 3 and 8 on that day) that the US Attorney was piling on to bring the total penalty up to 50 years. The first indictment did not allege that Aaron changed his IP address to "sidestep" anything to allow continued downloading. It just mentioned that the IP address had changed (not good enough for an indictment). The theory for September 26 would have had to have been that Aaron violated TOS, not circumvention.

So, the new counts for September 26, 2010, were bogus. Can someone please let me know if I'm missing something?

Re: DHCP - the real criminal

Actually, I believe you are factually incorrect. While I certainly agree the charges were total BS I believe what you are saying, at least as I read it, is not technically correct with the way IP addressing and MAC addresses work.

When you block a computer from a network it is most generally done by telling the DHCP server (responsible for assigning IP addresses) not to issue an IP address (or in many instances to issue a special IP address for remediation purposes, such as virus removal) by blocking (or redirecting to a different network) the MAC (Media Access Control) address for the computer in question.

The MAC address is supposed to be a unique ID, and for most physical hardware it always is (there are some exceptions to this). Aaron changed his MAC Address and the government contended that this was done to hide the fact that his computer was connecting to the network again.

What is kind of strange here is that if I understand things correctly, he started the download over WIFI and when the MAC address block was put in place, he decided the problem was that he was attempting to download too much via WIFI (evidently they had limits to volume on their WIFI network). I do not know if he changed the MAC address to his WIFI connection, but that really doesn't matter because he moved to a wired connection.

Now they claim he changed his MAC address, but if he went from a WIFI connection to a wired connection, they each have different MAC addresses. You see MAC addresses are assigned to the interface card not the computer. So a computer with multiple cards (WIFI, Wired...) has multiple MAC addresses. If he moved from a WIFI to a wired connection he probably also would have been assigned an IP address on a different subnet (so the system would know he was not limited to a specific download limit). That is likely how their system was designed.

There are MANY valid reasons to change a MAC address, most have to do with replacing hardware, or troubleshooting.

Of course without more technical information about the network he was connecting to I can't be 100% sure that my assessment is correct either, other than I know the MAC address for a WIFI card and a NIC (Network Interface Card) on the same computer WILL have different MAC addresses.

Re: Re: DHCP - the real criminal

he decided the problem was that he was attempting to download too much via WIFI (evidently they had limits to volume on their WIFI network).

An excellent analysis, but one small thing missed out for those that don't habla network:

It's perfectly reasonable to conclude that there's a wi-fi block limit but not a wired one since wi-fi is shared bandwidth on the local network and wired isn't.

A standard 56Mbps wireless connection splits that bandwidth between all clients connected to that access point - i.e. if one person is doing a major download there's a good chance the other (potentially 20-ish) clients are running like a dog while it's going on as one person can easily eat a good percentage of the shared amount (think 1/2 decent download speed for internet = 5Mbps = 10% of bandwidth, 1/2 decent download speed for local network = oh say 20Mbps = almost 50% bandwidth).

On the other hand a standard 100Mbps wired connection can give that full speed to each client and is limited only by the shared uplink to the rest of the network (usually 1Gbps or better) so at least 10 clients on the same switch have to be totally caning their connection simultaneously to create the same problem.

Ergo, reasonable to troubleshoot and conclude it's a wireless-only issue.

Re: Re: DHCP - the real criminal

No, no, you have what happened wrong. The IP address was blocked by *JSTOR*, NOT MIT's DHCP server. MIT's DHCP server was issuing *public* IPv4 addresses that could be seen by JSTOR. JSTOR, on the other hand, could NOT see the MAC address (as it would have been dropped by the wireless router).

MIT would later go to the logs (presumably) and associate the MAC address with the blocked IP address as reported by JSTOR. THEN MIT would block the MAC address.

Re: Re: Re: Re: Re: DHCP - the real criminal

I don't need to know how the MIT network was set up to know how MAC Addressing and DHCP Servers inter-operate. I have been in IT for more than 30 years. I just wanted to clarify how they were related. Since it was important to note that he started on WIFI and finished on wired that the MAC Address and subsequently the IP address would be different.

Of course this brings up a different question, which I hadn't considered since I missed the fact that JSTOR blocked the IP initially.

Why didn't JSTOR block the IP address of the wired connection?

Were they only blocking the WIFI range at MIT? Was the wired connection possibly NAT'd (Network Address Translation) [a method to allow multiple computers to share 1 routable IP address] and thus exempted from the JSTOR download limit? (This would be my guess, without knowing more about the MIT Network and the agreement between JSTOR and MIT).

Mr. Applegate

Ah, Mr. Applegate, thank you for taking a look again at my posts. I didn't mean to indicate that your technical understanding was wrong, just that the facts in this case appear to be different than what you were assuming, and the analysis may be different. [I have some experience in this technical field too, by the way :-) but nobody is perfect.]

From the expert's comments and the indictment, there was no NAT going on - even in the wireless network. NO NAT. The DHCP server assigned *publicly routable, visible IP addresses* to the wireless nodes. This is very unusual, yes, but that is what was going on.

Thus, JSTOR (a remote network from MIT) could see Mr. Swartz's IP address (publicly routable), but not his wireless MAC address. JSTOR blocked Swartz's IP address on September 25, 2010, but could not block his MAC address because they simply didn't know it. The MAC address block didn't happen until September 27, 2010, presumably after JSTOR reported the IP addresses to MIT and MIT associated the IP addresses with a MAC address from their logs.

But before the MAC address block, on September 26, 2010, Swartz is accused of "establishing" a new IP address to "sidestep" the IP address block by JSTOR. But this very likely would have happened automatically as a result of him simply reconnecting his laptop to the wireless network and being assigned a different IP address. (Given that the lease times of these *publicly routable*, IP addresses were likely short, he would have been given a different IP address.)

Therefore, Swartz's "establishing" a new IP address had nothing to do with MAC address spoofing.

Now, this is crazy, but it is especially crazy because this was a NEW COUNT and a NEW ALLEGATION in the superseding indictment to BULLY Swartz with 50 YEARS of PRISON. So, the US Attorney was basically making up bogus charges, with the indication that this was somehow circumventing a "code-based restriction" (legal term).

Re: Mr. Applegate

"But before the MAC address block, on September 26, 2010, Swartz is accused of "establishing" a new IP address to "sidestep" the IP address block by JSTOR. But this very likely would have happened automatically as a result of him simply reconnecting his laptop to the wireless network and being assigned a different IP address. (Given that the lease times of these *publicly routable*, IP addresses were likely short, he would have been given a different IP address.)"

Again, while I agree with that
"Therefore, Swartz's "establishing" a new IP address had nothing to do with MAC address spoofing."

I don't think you can say with any certainty that he would have been issued a different IP by simply connecting again (via WIFI).

MIT has a CLASS A block of IPV4 addresses (that is 16,777,216 individual public IP Addresses) [18.0.0.0/8 MIT 1994-01 1994-01-01] (Courtesy IANA.ORG [Internet Assigned Number Authority]). I have no way of knowing how they have that address space broken out or how much churn there is on the particular DHCP server, but I am betting not that much if it was a dorm. Many DHCP servers will assign the same IP address (if available) to the same MAC Address, even if the lease has long expired. (For instance my home router will assign the same IP when the same device hasn't been connected for six months and the lease expires daily.)

I don't think MIT has a shortage of public IP addresses or anywhere near 16 million devices connected on its network. According to the MIT website they only have about 11,000 employees (including faculty) and 11,189 students (Wow! nearly a 1 to 1 ratio). If the DHCP server were short on IP's it would re-assign quickly, but I doubt that is the way they have things set up.

From what I understand the MAC address did change, and what we do know is that he re-connected using WIRED rather than WIFI and that will result in a different MAC address being used to connect (unless extraordinary steps are taken to prevent that). Which was my original point and I stand by that!
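The disagreement in this part of the thread (does a laptop that reconnects a day later get a new address or the same one?) comes down to the DHCP server's allocation policy. The sketch below is an added example, not part of any comment and not MIT's configuration: a toy lease pool in Python, with constructed addresses (192.0.2.0/29), MAC strings and lease times, that shows both outcomes and what each means for a remote block keyed on the IP address.

```python
import ipaddress


class LeasePool:
    """Toy DHCP address pool. Constructed model, not any real server's logic."""

    def __init__(self, cidr, lease_secs, sticky):
        self.free = [str(h) for h in ipaddress.ip_network(cidr).hosts()]
        self.lease_secs = lease_secs
        self.sticky = sticky   # True: try to hand a MAC its previous address
        self.active = {}       # mac -> (ip, expiry time)
        self.last = {}         # mac -> last address this MAC held

    def _expire(self, now):
        # Expired leases go to the back of the free list.
        for mac, (ip, expiry) in list(self.active.items()):
            if expiry <= now:
                del self.active[mac]
                self.free.append(ip)

    def request(self, mac, now):
        self._expire(now)
        if mac in self.active:                        # renewal inside the lease
            ip = self.active[mac][0]
        elif self.sticky and self.last.get(mac) in self.free:
            ip = self.last[mac]                       # old binding remembered
            self.free.remove(ip)
        else:
            if not self.free:
                raise RuntimeError("pool exhausted")
            ip = self.free.pop(0)                     # next free address
        self.active[mac] = (ip, now + self.lease_secs)
        self.last[mac] = ip
        return ip


def reconnect_next_day(sticky):
    """Client connects, is blocked remotely by IP, and reconnects 24h later.

    Returns (day-1 IP, day-2 IP, whether the remote IP block still matches).
    """
    pool = LeasePool("192.0.2.0/29", lease_secs=3600, sticky=sticky)
    laptop, other = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs

    day1_ip = pool.request(laptop, now=0)
    pool.request(other, now=100)          # unrelated client, ordinary churn
    remote_blocklist = {day1_ip}          # the remote site only ever sees the IP

    day2_ip = pool.request(laptop, now=86400)   # same MAC, no user action
    return day1_ip, day2_ip, day2_ip in remote_blocklist


if __name__ == "__main__":
    for policy in (True, False):
        print("sticky" if policy else "next-free", reconnect_next_day(policy))
```

With the same MAC and no user action, the remembered-binding policy keeps the client behind the remote IP block, while the next-free policy hands out a different address. Only the DHCP operator's logs, which tie each lease to a MAC, can tell which happened.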

Re: Re: Mr. Applegate

Mr. Applegate - thanks again for responding. I think we have actually reached agreement, but from a different side of the burden of the showing with respect to the superseding indictment. And the answer is that you and I don't know for sure how IP addresses are handed out at MIT. :-)

The prosecution has the burden to show that Mr. Swartz broke the law with facts alleged in the indictment (whether they turn out to be true or not depends, but we assume they are all true for now). It appears that the "sidestepping" allegation was added for the basis for counts 3 and 8 - which carry lots of years in jail. If changing your IP address is automatic and par for the course at MIT, and it would happen automatically via DHCP, then it adds fuel to the fire that he was overcharged and bullied. If changing your IP address is not typical (as with your home router), then one could argue that he was a witch trying to circumvent the block.

But the point is that the prosecution was in a position to know and figure out these details (you and I, not so much). Since they ADDED the allegation, was something new revealed in the investigation? Or did some attorney rewrite it so that it sounded worse and they could pile on? Comparing the original indictment with the superseding indictment, it sounds like an attorney rewrote it so they could allege more counts, without any real thought or new facts (bullying).

Also, if Mr. Swartz changed his wireless *MAC address* on September 26, then the prosecution likely would have alleged that, but they didn't. So, although he changed his wireless MAC address some other day (I think in October, can't remember), he did not appear to have changed it on the 26th. (And, of course his wired MAC address is different than his wireless MAC address.)

And, I have word from a good source that if you move from one building to another building at MIT on wireless your IP address will change. So, they at least allocate different blocks of addresses to different buildings.

MIT vs. JSTOR

Just to avoid any other confusion, the IP address was blocked by JSTOR, but NOT MIT. MIT would later block the wireless MAC address to prevent an IP address from being assigned. JSTOR and MIT are two different entities with their own networks and networks staff.

Re: DHCP - the real criminal

This is where Kerr's analysis goes wrong. Kerr assumes that Mr. Swartz "responded" to the IP address block by deliberately changing his IP address ("circumventing code-based restrictions by circumventing identification restrictions"). But Aaron in all likelihood didn't - it was automatic as a result of the protocol. So, Aaron did not circumvent "code based restrictions," DHCP did so without Aaron requesting. Pretty lame allegation by the US.

I am not even convinced that changing the IP address would qualify as "circumventing code-based restrictions" in this case at all, even if Aaron did it deliberately.

In the words of an expert witness:

MIT operates an extraordinarily open network. Very few campus networks offer you a routable public IP address via unauthenticated DHCP and then lack even basic controls to prevent abuse. Very few captured portals on wired networks allow registration by any visitor, nor can they be easily bypassed by just assigning yourself an IP address. In fact, in my 12 years of professional security work I have never seen a network this open. (Source)

Changing your IP address was a completely acceptable activity on MIT's ridiculously open network. There was less DHCP security on their network than there is on your very own home router.

Re: DHCP - the real criminal

Please note the unusual setup of MIT's network. The DHCP network at MIT was issuing *public* IPv4 addresses. This is very unusual. This means that JSTOR's remote database computers could see Mr. Swartz's IP address, but NOT his MAC address. So, JSTOR blocked the IP address, not the MAC address.

Mr. Swartz then "reestablished" a new IP address, but this likely happened automatically because it was the NEXT day. After the new IP address was "caught," then they reported this to MIT who blocked the MAC address.

All WIFI is shared bandwidth, this is true. Wireless 'G' is 56Mbps total available, but for Wireless 'N' it is possible to get up to 600Mbps.

The reason I didn't get into the technical differences between wireless and wired is I didn't want to over complicate the point I was making, which is that every network device has a MAC address, not every computer. I wasn't sure how far down the rabbit hole people would be willing to go.

There are ethernet devices that don't come with an assigned MAC Address (notably Arduino Ethernet Shields come to mind). So if you want to use your Arduino on an IP network you need to assign it a MAC address. Does this mean you are a crook because you made up a MAC Address?

Your point is also valid, many WIFI connections do limit bandwidth usage either to a max speed or to a max volume in a given time period. This is especially true for open WIFI where connecting computers could be infected and being used maliciously without the owner's knowledge.

Re:

Wireless 'N' it is possible to get up to 600Mbps.

True 'N' is 300Mbps or 600Mbps, but I was trying to avoid the nitty gritty. Don't know what it's like in the US, but AFAIK few corporates, still less academic campuses, have 'N' in wide use as it takes a LOT of access points to cover ground and they want to milk the existing coverage and fill in holes rather than upgrade wholesale. And even though it's faster it's still shared bandwidth, which was the main point I was making. It's still subject to interference and bottlenecks so a 100Mbps wired connection is likely to perform better than a nominally "600"Mbps wireless especially in a potentially dense client area. (Besides, if there's loads of 'N' wireless around the wired connections are prob 1Gb with 10Gb uplinks so the ratios still kinda work... :-) )

There are ethernet devices that don't come with an assigned MAC Address

Yep. Me, I sometimes use a virtual machine with appropriate tools on it for whatever I'm doing rather than install everything on the one machine. Run one up and hey, look I'm presenting a new MAC...

Re: MLK Day

Re: Re: MLK Day

Major FAIL. Rednecks are notorious for being racist, and IMHO incredibly stupid.

It stands to reason that all MLK did for civil rights and human rights was well known throughout the world.

Considering I can think of at least 5 off the top of my head from other countries that fit in MLK's category one would think he would have the same notoriety around the globe. But what do I know, I am just an ignorant American; Right?

"the rest of the world is racist"
You do see the irony in your statement? Hating on America with what appears to be a racist comment alluding to the fact that America is racist. Yeah.

Don't like America? Boycott us. No more Youtube, Google, yahoo, Bing, Amazon, iTunes.... and well just about the whole internet. Good luck with that.

Re: Re: Re: MLK Day

"Rednecks are notorious for being racist, and IMHO incredibly stupid". Well, thank goodness you have no prejudices of your own, huh?
"You do see the irony in your statement?". I'll let that just speak for itself.

Re: Re: Re: Re: MLK Day

"Well, thank goodness you have no prejudices of your own, huh?" - Considering I have been chased down by gun toting rednecks in the south for traveling with a black friend and almost lost my life for it then yes, I am allowed to come to the conclusion that any person that appears to fall into the redneck stereotype are incredibly stupid.

Re: Re: Re: MLK Day

Re: Re: Re: Re: MLK Day

No I mean like Techdirt, YouTube, Amazon, Google, Wikimedia Foundation, etc, etc. It's funny America haters choose to bash us using American websites.

Also:
Professor Leonard Kleinrock's work at University of California, Stanford Research Institute, The University of Utah, University of Hawaii, DARPA, Larry Roberts from MIT, Vint Cerf, Bob Kahn, etc, etc.

I'm not trying to take away others' accomplishments and contributions, but if you look at its history, America was the driving force in the creation of globally connected computer networks which we call the internet.

"an innovation by a Brit working at CERN" - Tim Berners-Lee.
an innovation by a Brit working at CERN, in Switzerland. And it is also funny he ended up at MIT in 94.

In 1989 Berners-Lee drew up a proposal for creating a global hypertext document system that would make use of the Internet. Smart guy no doubt. But invented the internet? He just made it easier. IMHO Vint Cerf and Bob Kahn deserve just as much credit if not more.

Everyone knows that Al Gore invented the internet.

Thanks :)

Side note:
Funny how all this was done by building off of the ideas and inventions of others. Imagine if copyright was the way it is today back in the 50's.